-
-
Notifications
You must be signed in to change notification settings - Fork 115
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Can't login when SuiteCRM 8 is behind a LoadBalancer #74
Comments
Any update about this issue? |
Hello @johnM2401 , Have you had the opportunity to examine this case? Our focus is to provide the most up-to-date stable version of SuiteCRM chart. However, this particular issue is hindering our progress. Any info would be greatly appreciated. |
This issue led to the official discontinuation of SuiteCRM from Bitnami, driving away potential users and with them future funding. We wanted to try SuiteCRM and potentially collaborate in the future but without proper kubernetes support we won't engage in the hassle. How can it be nobody cares about what seems to be a rather minor technical issue with big impact? See also |
@migruiz4 From your screenshots, the issue is obviously caused by, when the v8 application is configured behind the load balancer, this load balancer is attempting to login via @johnM2401 A simple solution to this issue would be for the v8 application to auto configure its Apache 2.4 to redirect all incoming (non- |
@chris001 This issue was opened 2 years ago and no maintainer has even bothered to comment, assign, label, nothing... This isn't solved because it's not technically possible but simply because they don't care, unfortunately. |
@AndreasBBS I agree it's a pity, it seems there's a shortage of PR triage resources. One simple solution for this particular issue would be to configure the LoadBalancer to connect to SuiteCRM 8 thru |
As far as I remember, both ERPNext and Odoo are open core though, I was placing hopes in SuiteCRM as a fully open-source alternative :c |
@AndreasBBS @xeruf |
@chris001 I did applied your fix, but i am now getting endless redirects. I am using traefik as an ingress controller/reverse proxy in my cluster to terminate the TLS. edit: in your fix, should we add conditions to not match ips like the pods/service/cluster CIDR? |
@migs35323 One thing I realize it needs is, for the OAuth login, Suite should send a "long path" Yes, further checks would best be made: IP address, hostname, the |
@migs35323 It seems to me that the approach of the suggested fix is through this solution:
That's an admirable effort on @chris001 part. In my opinion it's easier and cleaner the solution suggested later:
I understand why by default SuiteCRM requires https for some stuffs. There's lots of non technical users that will just launch the server and not take the time to secure it. On the other hand advanced users usually setup a reverse proxy that does the SSL. Most of the workloads I run operate in http and I'm responsible for the SSL optionally. I don't mind the default being forced SSL but there should be an option to disable it. I'm going to take a look into it and see if I can introduce such environment variable that if present disables the forced SSL. I might take a bit because my Apache knowledge is terrible, I always preferred NGINX. |
Issue
I'm trying to deploy SuiteCRM 8 in Kubernetes.
When deploying my container using Docker compose or testing locally using
minikube
, everything works fine.The problem starts when I try to deploy SuiteCRM 8 in the cloud (GKE). I configure a LoadBalancer service, SuiteCRM login page appears, but when I try to log in different error appears. These two will alternate randomly:
Sometimes, after refreshing, the following will appear the first time I try to log in:
This doesn't happen when I log in using the
/legacy
UI or using the same deployment but my traffic does not go through the GKE network loadbalancer (using kubectl port-forward).Screenshots and logs
Here are some logs and screenshots for each case mentioned above:
Network after both attempts:
(After refresh) Error occurred while fetching metadata.
Succesful login using
/legacy
:Succesful login when traffic doesn't go through the network load balancer:
Expected Behavior
Be able to log in through the LoadBalancer service.
Actual Behavior
Login attempts will fail.
Your Environment
The text was updated successfully, but these errors were encountered: